Event Correlation

ABSTRACT

In cases involving computer-related crime, event-oriented evidence is coming under increased scrutiny. Automated methods of classifying events, and patterns of events, into higher-level terminology and vocabulary hold promise for helping investigators cope with voluminous, low-level event-oriented evidence. In a previous paper it was demonstrated that the ontology language OWL is an effective means of representing domain-specific, event-based knowledge and that, when combined with a rule language, it is sufficient to apply standard correlation techniques to the task of automated forensic investigation. This paper demonstrates that the approach can be rapidly extended to events sourced from new domains, enabling automated cross-domain correlation, and that the new approach accommodates standardised component ontologies which model the separate domains under consideration.
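The following is an added illustration of the idea described in the abstract, not code from the paper: low-level events from two domains (a constructed sshd log and a constructed firewall log) are lifted by rules into a shared class hierarchy, queries honour class subsumption the way an OWL reasoner would, and a cross-domain correlation rule produces a higher-level "BruteForceAttempt" finding. The hierarchy, the rule set, the log formats and the thresholds are all assumptions made here; a dictionary of subclass relations stands in for the OWL ontology and plain Python functions stand in for the rule language.

```python
"""Ontology-style event classification and cross-domain correlation (illustrative)."""
import re
from dataclasses import dataclass, field

# Constructed subsumption hierarchy: child -> parent, root has no parent.
# Two domain vocabularies (authentication, network) share the upper class "Event".
SUBCLASS_OF = {
    "Event": None,
    "AuthenticationEvent": "Event",
    "FailedLogin": "AuthenticationEvent",
    "SuccessfulLogin": "AuthenticationEvent",
    "NetworkEvent": "Event",
    "ConnectionAllowed": "NetworkEvent",
    "ConnectionDenied": "NetworkEvent",
}


def is_a(cls, ancestor):
    """Transitive subclass check: does cls sit at or below ancestor?"""
    while cls is not None:
        if cls == ancestor:
            return True
        cls = SUBCLASS_OF[cls]
    return False


@dataclass
class Event:
    cls: str        # class in the shared hierarchy
    domain: str     # which source domain produced it
    time: int       # constructed epoch seconds
    src: str        # originating address
    attrs: dict = field(default_factory=dict)


# Constructed sample evidence. Timestamps are epoch seconds for simplicity.
SSH_LOG = """1700000010 sshd[101]: Failed password for root from 203.0.113.5 port 50112 ssh2
1700000012 sshd[101]: Failed password for root from 203.0.113.5 port 50113 ssh2
1700000015 sshd[101]: Failed password for admin from 203.0.113.5 port 50114 ssh2
1700000040 sshd[102]: Accepted password for alice from 198.51.100.7 port 40001 ssh2"""

FW_LOG = """1700000005 fw: ALLOW TCP 203.0.113.5:50112 -> 10.0.0.4:22
1700000030 fw: ALLOW TCP 198.51.100.7:40001 -> 10.0.0.4:22
1700000050 fw: DENY TCP 192.0.2.9:1234 -> 10.0.0.4:23"""

# Lifting rules: (domain, pattern, class). Adding a new domain means adding
# rules and, if needed, classes; the correlation logic below is unchanged.
LIFT_RULES = [
    ("ssh", re.compile(r"^(?P<t>\d+) sshd\[\d+\]: Failed password for (?P<user>\S+) "
                       r"from (?P<src>\S+) port (?P<sport>\d+)"), "FailedLogin"),
    ("ssh", re.compile(r"^(?P<t>\d+) sshd\[\d+\]: Accepted password for (?P<user>\S+) "
                       r"from (?P<src>\S+) port (?P<sport>\d+)"), "SuccessfulLogin"),
    ("fw", re.compile(r"^(?P<t>\d+) fw: ALLOW TCP (?P<src>[\d.]+):(?P<sport>\d+) "
                      r"-> (?P<dst>[\d.]+):(?P<dport>\d+)"), "ConnectionAllowed"),
    ("fw", re.compile(r"^(?P<t>\d+) fw: DENY TCP (?P<src>[\d.]+):(?P<sport>\d+) "
                      r"-> (?P<dst>[\d.]+):(?P<dport>\d+)"), "ConnectionDenied"),
]


def lift(domain, text):
    """Turn raw lines from one domain into classified Event instances."""
    events = []
    for line in text.splitlines():
        for dom, rx, cls in LIFT_RULES:
            if dom != domain:
                continue
            m = rx.match(line)
            if m:
                d = m.groupdict()
                events.append(Event(cls, domain, int(d.pop("t")), d.pop("src"), d))
                break   # first matching rule wins; unmatched lines are kept out
    return events


def select(events, ancestor):
    """Query by class, honouring subsumption (asking for a superclass returns subclasses)."""
    return [e for e in events if is_a(e.cls, ancestor)]


def correlate_bruteforce(events, window=60, threshold=3):
    """Cross-domain rule: an allowed connection to port 22 (network domain)
    followed within `window` seconds by >= `threshold` FailedLogin events
    from the same source (authentication domain) is a BruteForceAttempt."""
    incidents = []
    for a in events:
        if a.cls != "ConnectionAllowed" or a.attrs.get("dport") != "22":
            continue
        failures = [e for e in events
                    if e.cls == "FailedLogin" and e.src == a.src
                    and a.time <= e.time <= a.time + window]
        if len(failures) >= threshold:
            incidents.append({"cls": "BruteForceAttempt", "src": a.src,
                              "target": a.attrs["dst"], "evidence": [a] + failures})
    return incidents


def demo():
    """Lift both domains, then correlate across them."""
    events = lift("ssh", SSH_LOG) + lift("fw", FW_LOG)
    return events, correlate_bruteforce(events)


if __name__ == "__main__":
    evs, incs = demo()
    print(len(select(evs, "AuthenticationEvent")), "authentication events")
    for inc in incs:
        print(inc["cls"], inc["src"], "->", inc["target"], "with", len(inc["evidence"]), "supporting events")
```

The point the example makes is the one in the abstract: once events from a new domain are lifted into the shared vocabulary, an investigator can query by abstract class (AuthenticationEvent rather than a sshd message format) and the correlation rule reasons over classes, not log syntax, so it keeps working when a further domain is added. The second allowed connection (198.51.100.7) has no failed logins behind it and correctly produces no finding.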